Vulnerabilities > Sourcefabric
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-08-29 | CVE-2024-41361 | Code Injection vulnerability in Sourcefabric Phoniebox 2.7.0 RPi-Jukebox-RFID v2.7.0 was discovered to contain a remote code execution (RCE) vulnerability via htdocs\manageFilesFolders.php | 9.8 |
2024-08-29 | CVE-2024-41364 | Code Injection vulnerability in Sourcefabric Phoniebox 2.7.0 RPi-Jukebox-RFID v2.7.0 was discovered to contain a remote code execution (RCE) vulnerability via htdocs\trackEdit.php | 9.8 |
2024-08-29 | CVE-2024-41366 | Code Injection vulnerability in Sourcefabric Phoniebox 2.7.0 RPi-Jukebox-RFID v2.7.0 was discovered to contain a remote code execution (RCE) vulnerability via htdocs\userScripts.php | 9.8 |
2024-08-29 | CVE-2024-41367 | Code Injection vulnerability in Sourcefabric Phoniebox 2.7.0 RPi-Jukebox-RFID v2.7.0 was discovered to contain a remote code execution (RCE) vulnerability via htdocs\api\playlist\appendFileToPlaylist.php | 9.8 |
2024-08-29 | CVE-2024-41368 | Code Injection vulnerability in Sourcefabric Phoniebox 2.7.0 RPi-Jukebox-RFID v2.7.0 was discovered to contain a remote code execution (RCE) vulnerability via htdocs\inc.setWlanIpMail.php | 9.8 |
2024-08-29 | CVE-2024-41369 | Unspecified vulnerability in Sourcefabric Phoniebox 2.7.0 RPi-Jukebox-RFID v2.7.0 was discovered to contain a remote code execution (RCE) vulnerability via htdocs\inc.setWifi.php | 9.8 |
2024-01-19 | CVE-2024-0714 | OS Command Injection vulnerability in Sourcefabric Phoniebox A vulnerability was found in MiczFlor RPi-Jukebox-RFID up to 2.5.0. | 9.8 |
2022-08-30 | CVE-2022-36749 | OS Command Injection vulnerability in Sourcefabric Rpi-Jukebox-Rfid 2.3.0 RPi-Jukebox-RFID v2.3.0 was discovered to contain a command injection vulnerability via the component /htdocs/utils/Files.php. | 9.8 |
2020-05-19 | CVE-2020-11807 | Unrestricted Upload of File with Dangerous Type vulnerability in Sourcefabric Newscoop 4.4.7 Because of Unrestricted Upload of a File with a Dangerous Type, Sourcefabric Newscoop 4.4.7 allows an authenticated user to execute arbitrary PHP code (and sometimes terminal commands) on a server by making an avatar update and then visiting the avatar file under the /images/ path. | 7.8 |